Table of Contents
Advertisement
9
IPv4 ACLs
Access Control Lists
Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on
address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames
(based on address, DSCP traffic class, next header type, or flow label), or any frames
(based on MAC address or Ethernet type). To filter packets, first create an access list,
add the required rules, and then bind the list to a specific port. This section
describes the Access Control List commands.
Table 63: Access Control List Commands
Command Group
IPv4 ACLs
IPv6 ACLs
MAC ACLs
ARP ACLs
ACL Information
The commands in this section configure ACLs based on IPv4 addresses, TCP/UDP
port number, protocol type, and TCP control code. To configure IPv4 ACLs, first
create an access list containing the required permit or deny rules, and then bind the
access list to one or more ports.
Table 64: IPv4 ACL Commands
Command
access-list ip
permit, deny
permit, deny
ip access-group
show ip access-group
show ip access-list
Function
Configures ACLs based on IPv4 addresses, TCP/UDP port number,
protocol type, and TCP control code
Configures ACLs based on IPv6 addresses
Configures ACLs based on hardware addresses, packet format, and
Ethernet type
Configures ACLs based on ARP messages addresses
Displays ACLs and associated rules; shows ACLs assigned to each port
Function
Creates an IP ACL and enters configuration mode for
standard or extended IPv4 ACLs
Filters packets matching a specified source IPv4 address
Filters packets meeting the specified criteria, including
source and destination IPv4 address, TCP/UDP port
number, protocol type, and TCP control code
Binds an IPv4 ACL to a port
Shows port assignments for IPv4 ACLs
Displays the rules for configured IPv4 ACLs
– 335 –
Mode
GC
IPv4-STD-
ACL
IPv4-EXT-
ACL
IC
PE
PE
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
